Here below are the few factual examples I can provide. May you please note that I don't think that the trojans (what the N-Americans qualify as "Exploited") don't take over all IP# of an infected network through the infection? Though, that is only an opinion. Otherwise, the poor operator would be climbing on the walls! He'd pull the plug out! HiHiHi! Nope! The trojan simply implants itself on a given infected network (an email server for instance) to take over (1-2) IP# and sends forged-header spam from the intruded network.

In most cases I have seen up to now, if not all, the "Exploiting" individual (trojan encoder) does not implant both the HTML website advertised by the spamming trojan and the spamming trojan on the same sole network, for obvious reasons. Therefore, once the infected network operator discovers the "Exploit", the HTML website to which the spam bears the link remains live, even though the intruded network gets rid of the automated spamming trojan. The website to which the spams refer (hyperlink) is not yet destroyed! Being elsewhere on another infected network...

On the contrary, when the "Other" network bearing an intruded trojan that takes over a given IP# within the network to give life to a simple abusive HTML webpage is destroyed by the infected network operator, as Glen J. did (here below) a little while back, and did clean that trojan up, should the abusive website go down? NOPE! Rarely, very rarely goes down... Because the guy controlling the trojan which intruded the network to begin with sure has a sort of monitoring device that warns him when the infected network operator cleans his network and brings down the website. When Glen J. destroyed the trojan-exploiting website, the abuser saw his website go down and brought it back on an IP# based on his own network abroad from where he or she operates. This, until he finds that his intruder trojan succeeded in infecting a new network. It never takes so long...

Only during that time, it is feasible to know exactly "Whois" the one who disseminated those 2 types of exploit-trojans! The whole goal is free hosting, under the responsibility of "Who Knows Who"! But who cares really? If you'd want further details on all the methods as to how coders and "Pirates" can do such tricks, you'd be better to address yourself to people who want to protect these types of abusers. There just ought to be a few watching and taking good notes. I did what I could do, OK? Thank you very much for reading me.

========================================
Note that one email here below is from an ARIN jurisdiction, another one from a huge network in SPAIN, very formal but also very friendly, and the other one? .....I don't remember, forgotten...
========================================
Hello -
Mail Delivery System <XXXXX@XXXXX.com> wrote:
http://annevaleriejasmin.com/edit/yahoolink.php
Thank you for writing. The exploited site content has been taken offline.
--
- Glen J., Abuse Coordinator
===================================
Hello.
Thank you for your report.
We have contacted our direct client regarding your report and expect a prompt response, including action against the abuser.
If you have any questions, please let us know.
----
Best Wishes,
Sreejith S
Systems Administration Support
Dear Sir:
We thank you for your message and we inform you that we are taking measures to prevent the problem from happening again.
We remind you of our email.
Faithfully.
Nemesys Abuse Team
Telefonica de España S.A.U.

-----Original Message-----
From: woeber@cc.univie.ac.at
Sent: Mon, 08 Aug 2011 15:42:35 +0000
To: ops.lists@gmail.com
Subject: Re: [anti-abuse-wg] Hijacked netblocks - any SOP for these?
[Catching up after being out of office for a while...]
Suresh Ramasubramanian wrote:
[...] ============================================
Can we turn back to the question that was actually raised in the thread?
Yes, please. :-)
As Spamhaus was mentioned, and the term "hijacked" pointed at, can anyone please provide me/us with (a pointer to) the definition of "hijacked", in particular as used by Spamhaus?
TIA, Wilfried.